The page may not load correctly.
July 3, 2017
In June, Doctor Web security researchers detected an Android Trojan that attacked Iranian mobile device users and executed the commands of cybercriminals. Also in the past month, several new malicious applications were detected on Google Play. One of them tried to gain root access, infiltrated system libraries, and could covertly install software. Other applications sent SMS messages to premium numbers and subscribed users to expensive services. Also distributed on Google Play was riskware that, if used, could lead to the leak of confidential information. In addition, a new encryption Trojan for Android was detected in June.
In June, Doctor Web security researchers detected Android.Spy.377.origin, which was spreading among Iranian mobile device users. This malicious program would steal confidential information and send it to cybercriminals. In addition, it could execute their commands.
Features of Android.Spy.377.origin:
For more information regarding this Trojan, refer to this news article.
In the past month, Doctor Web specialists detected riskware on Google Play that allowed users to access the social networking sites “VK” and “Odnoklassniki” which have been blocked in Ukraine. These applications, added to the Dr.Web virus database as Program.PWS.1, used an anonymizing server to bypass access restrictions and didn’t encrypt login, password and other confidential user information. For more information about this incident, refer to this news article published by Doctor Web.
Also in June, Trojans from the Android.Dvmap family were detected on Google Play. Once launched, these malicious programs try to get root privileges on mobile devices. If successful, they infect some system libraries and install additional components. These Trojans can execute commands of cybercriminals and also download and run other applications without any user involvement.
Other Android Trojans distributed via Google Play in June were added to the Dr.Web virus database as Android.SmsSend.1907.origin and Android.SmsSend.1908.origin. Cybercriminals injected them into benign programs. These malicious applications sent SMS messages to premium numbers, thus subscribing service provider customers to chargeable services. After that, the Trojans started deleting all incoming messages so users wouldn’t receive notifications informing them that they had successfully been subscribed to unwanted premium services.
In June, the ransomware Trojan Android.Encoder.3.origin was detected. It attacked Chinese Android users and encrypted files on SD cards. The authors of this encoder were inspired by the encryption ransomware WannaCry, which infected hundreds of thousands of computers throughout the world in May 2017. The virus writers created ransom demand messages in a similar style.
Cybercriminals demanded a ransom of 20 yuan, and every three days the amount doubled. If the cybercriminals didn’t get their ransom within one week after Android.Encoder.3.origin infected a mobile device, the ransomware would delete the encrypted files.
Malicious programs and riskware for Android infect mobile devices not only via downloads from various websites but also via downloads from Google Play. Doctor Web recommends that device owners be cautious when installing unknown applications and install and use Dr.Web for Android.